Create the Private Key / Public Key Combinations on your Local Machine

ssh-keygen -t rsa

This will create two files in the following directory:

~/.ssh

The private key is called ‘id_rsa’, and the public key, which will reside on your server, is called ‘id_rsa.pub’:

id_rsa
id_rsa.pub

Remember, you will always require the private key in order to authenticate yourself against the public key residing on your server.

If you’re having trouble understanding this, remember this analogy:

Think of the public key, which resides on your server, as a keyhole. Anyone can attempt to open the door (server) by putting their key in the keyhole; however, only the correct key (private key) will open the door.

Create the SSH Folder on Your Server

SSH into your server and create a folder called ‘.ssh’ in your home directory:

mkdir ~/.ssh

Transfer the Public Key from Local Machine to Your Server

Next, we will transfer the public key you created locally in step 1 to your server using SCP. Note that this command overwrites any existing authorized_keys file on the server.

scp ~/.ssh/id_rsa.pub user@host.com:~/.ssh/authorized_keys
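The scp command above replaces authorized_keys outright, which drops any keys already authorised on the server. As an added example (not part of the original post), the function below appends the key instead and sets the permissions sshd expects; install_pubkey and the /tmp upload path are hypothetical names chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. install_pubkey is a hypothetical
# helper; run it on the server after copying the .pub file somewhere neutral,
# e.g.  scp ~/.ssh/id_rsa.pub user@host.com:/tmp/id_rsa.pub

install_pubkey() {
    pubkey_file=$1                    # uploaded public key file
    ssh_dir=${2:-$HOME/.ssh}          # target directory, defaults to ~/.ssh
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Accept only a public key line; this refuses a private key (id_rsa)
    # uploaded by mistake, whose first line starts with "-----BEGIN".
    key=$(head -n 1 "$pubkey_file")
    case $key in
        ssh-*\ *|ecdsa-*\ *|sk-*\ *) ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 1 ;;
    esac

    # With StrictModes (on by default) sshd refuses key login when ~/.ssh or
    # authorized_keys is writable by group or others, so keep both owner-only.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    ( umask 077 && touch "$auth_file" ) && chmod 600 "$auth_file" || return 1

    # Idempotent: do nothing if this exact key line is already authorised.
    if grep -qxF -- "$key" "$auth_file"; then
        echo "key already present in $auth_file"
        return 0
    fi

    # If the existing file lacks a trailing newline, add one so the new key
    # is not glued onto the last existing entry.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi

    printf '%s\n' "$key" >> "$auth_file"
    echo "key appended to $auth_file"
}
```

On the server, call it as: install_pubkey /tmp/id_rsa.pub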

Login using Your Public Key

You’re finished! You can now log in to your CentOS server using public key authentication via any of the methods below:

Login using a Config File

It’s really easy to log in when you use config files.

Simply create a ‘config’ file on your local machine as follows:

touch ~/.ssh/config

Once created, just edit the file using nano and specify your private key, username and hostname:

I read an article the other day that was posted on TorrentFreak, regarding Visa and MasterCard “Banning VPN Providers”:

“Following the introduction of restrictions against file-sharing services, Mastercard and Visa have now started to take action against VPN providers. This week, Swedish payment provider Payson cut access to anonymizing services after being ordered to do so by the credit card companies. VPN provider iPredator is one of the affected customers and founder Peter Sunde says that they are considering legal action to get the service unblocked”

In my opinion, thanks to Visa and MasterCard, VPN providers and customers alike will start to look at anonymity and security from a different perspective.

Here’s why:

The primary buyer TA is *usually* the more technically inclined individual. Now that Visa and MasterCard are banishing VPN subscription providers, users will revert to deploying a VPS with their own VPN software, such as OpenVPN and Poptop PPTP. This means users have more granularity and control over their VPN, e.g.

Control over log files

Choose their preferred VPN location and VPS provider

Set their own security standards

Choose their own VPN software (OpenVPN, PPTP etc)

Additionally, VPN providers will now be inclined to offer alternative payment methods to their customers (consider Bitcoin) to further preserve anonymity.

After RHEL dropped support for Xen in EL6 in favour of their KVM equivalent, cloud ops teams and developers alike were left manually compiling packages or using untrusted third-party repos to launch their virtual infrastructure.

Thankfully, Xen can now be installed (cleanly) via Yum. This means it’s essentially just another RPM on your system, not a burden.

Shout out to the team at the Xen Hypervisor Project, GoDaddy and Rackspace for making this all possible.

Ever wanted to get the version of a Bind DNS nameserver? How about changing the version to a string of text or removing it altogether? Here are some quick tips that’ll show you how:

Get Bind DNS Version

First, open up a terminal on your Linux or Mac OSX box and enter the following command, where ns1.bindnameserver.com is the nameserver you wish to probe:

dig chaos txt version.bind @ns1.bindnameserver.com

This should output something similar to:

;; ANSWER SECTION:
version.bind. 0 CH TXT "Bind 9"

Change Bind DNS Version on CentOS / Debian / Ubuntu

It’s always a good idea to hide or change the Bind DNS nameserver version. If an attacker knows the version of Bind you are running, it’ll give them clues as to how they can exploit it. This is called security through obscurity.